100+ Data Sanitization (CDR) Engines to Prevent Unknown Threats

An increasingly popular and effective method of compromising computer security, especially as part of a targeted attack, involves sharing common document types or image files with victims. Even though the original versions of these files do not contain executable data, attackers have found ways to trigger these files to execute embedded malicious code. Popular techniques used to accomplish this include VBA macros, exploit payloads, and embedded Flash or JavaScript code. This type of attack has a high success rate because most users don’t expect common file types to contain infections.

For high-risk files or scenarios, data sanitization, also known as Content Disarm and Reconstruction (CDR), prevents any possibility of malicious content (including zero-day threats) executing. High-risk files can be sanitized through several different methods:

Removing embedded objects (scripts, macros, etc.)

Converting the file format

Recent Attacks in the News

Check out the news stories below for examples of real-world attacks that data sanitization could have prevented.

100+ Sanitization Engines for Widespread File Support

The 100+ Metadefender data sanitization engines offer flexibility for users by supporting over 20 file type conversions (and Metadefender is now the only platform that supports JTD and HWP files). The engines meticulously deconstruct and then reconstruct files in the most common formats to ensure virtually no usability is impacted. As part of the reconstruction process, the file type itself can be converted (i.e. from .docx to .pdf or .png) for even greater security. The Metadefender Workflow Engine provides customization features so that administrators can control which file types are sanitized and when to sanitize them. For example, some organizations may prefer a workflow that sanitizes files first, and then scans them with multiple anti-malware engines. For easy access, Metadefender keeps a log of sanitized and original files in quarantine.

Supported File Types

Original File Type

Supported Conversion Types

doc

doc, pdf

xls

xls, pdf

ppt

ppt, pdf

rtf

rtf

docx

docx, txt, html, pdf, ps, jpg, bmp, png, tiff, svg

xlsx

xlsx, csv, html, tiff, pdf, ps, jpg, bmp, png, svg

pptx

pptx, pdf

htm/html

html, pdf, ps, jpg, bmp, png, svg

pdf

pdf, hml, svg, jpg, bmp, png, tiff, txt

jpg

jpg, bmp, png, tiff, svg, gif, ps, eps, pdf

bmp

bmp, jpg, png, tiff, svg, gif, ps, eps, pdf

png

png, jpg, bmp, tiff, svg, gif, ps, eps, pdf

tiff

tiff, jpg, bmp, png, svg, gif, ps, eps

svg

jpg, bmp, png, tiff, gif, ps, eps

gif

jpg, bmp, png, tiff, svg, ps, eps, pdf

7z

zip

gz

zip

rar

zip

xz

zip

zip

zip

hwp*

hwp

jtd*

jtd

xml*

xml, pdf

wmf*

jpg, bmp, png, tiff, svg, gif, ps, eps, pdf

* in beta

Sanitized File Scan Results from Metadefender.com

Below are several different files types that were scanned with Metadefender.com, our demonstration tool for our Metadefender Core technology, to provide examples of infected files that were sanitized to remove threats while maintaining usability.

Broad Coverage Without Compromising Usability

While sanitization may sound severe, Metadefender meticulously reconstructs each file so that usability is rarely ever impacted. Furthermore, original files can be archived in the Metadefender quarantine so that they remain available, in case they are needed for further analysis. To see how data sanitization maintains file usability, you can download the before and after (safe) file examples below.